[Bypass] SparkHup Disclosure of business employees by AR Manger

Oct 21, 2019Channel
AI Analysis
Data from YouTube Data API v3Updated Just now

Video Overview

Video Details

PublishedOct 21, 2019
Duration1:40
Video ID81MFf3mM2Fc
Languagear
CategoryScience & Technology
PrivacyPublic
Made for KidsNo
Video TypeRegular Video

Performance Metrics

Views6.1K
Likes194
Comments33
Engagement Rate3.71%
Likes per 100 views3.17
Comments per 1K views5.39

Description

Thank god! My 10th BUG in this year on facebook, I got acknowledged by Facebook Security Team After discovering a security issue /sparkarhub/. This flaw allowed me to BYPASS the security patching done by Facebook's security team to my previous report. This again allowed any potential attacker to leak the Business Account Manager. Impact: could have disclosed the identity of an employee within Business Manager to other page admins. Bug type: Privacy / information disclosure الحمد لله، مجددا الثغرة العاشره في فيسبوك لهذا العام. حصلت على اعتراف من الفريق الامني في شركة فيسبوك بعد أبلاغي عن خلل امني في خدمة "sparkarhub"، حيث سمح لي هذا الخلل الامني بتجاوز الترقيع الامني لثغرة قمت باكتشافها سابقا و قام الفريق الامني بأصلاحها ولاكن تبين بعد ألاختبار ان هذا الخلل من الممكن أعادة توليده مره أخرى والحصول على نفس التأثير السابق. أدى هذا الخلل الى أعطاء اي مهاجم محتمل القدرة على تحديد مسؤول حساب الاعمال PoC Video: [ Soon] Timeline: 04/Sep/2019: Submit report 06/Spe/2019: Managed to reproduce 09/Sep/2019: Close Report as "Informative" 10/Sep/2019: I Sent objection and more information 13/Sep/2019: Close Report as "Informative" 14/Sep/2019:I Sent objection and more information 17/Sep/2019: Managed to reproduce 21/Sep/2019: Further investigation 25/Sep/2019: Vulnerability patched 18/Oct/2019: Bounty awarded by Facebook

Related Videos

More videos from Update - أب ديت